package app.modules.cloudpivot.configuration;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

/**
 * 自定义权限配置
 *
 * @author LiuGangQiang Create in 2023/12/19
 */
@Configuration
@EnableResourceServer
@Order(5)
public class CustomResourceConfig extends ResourceServerConfigurerAdapter {

    @Value("${cloudpivot.api.oauth.enabled:true}")
    private boolean oauthEnabled;

    @Override
    public void configure(final HttpSecurity http) throws Exception {
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        if (oauthEnabled) {
            http.authorizeRequests().antMatchers("/extend/aliyun/ocr").authenticated();
            http.authorizeRequests().antMatchers("/extend/file/**").authenticated();
            http.authorizeRequests().antMatchers("/h3yun/auth/validation").permitAll();
            http.authorizeRequests().antMatchers("/extend/soap/**").permitAll();
            http.authorizeRequests().antMatchers("/extend/test/**").authenticated();
        }
    }
}
